Managing Consultant in Cybersecurity and NERC Compliance at Guidehouse. Leading client management and project workstreams within the electric utility sector in Canada.
MO
Information Security Engineer – Application Security Focus
Posted 2 weeks ago
About the role
- Senior Information Security Engineer designing secure software solutions at Mechanical Orchard, specializing in application security and cloud environments.
Responsibilities
- Build Security into Development: Work alongside engineering teams to integrate security throughout the SDLC; from design reviews and threat modeling to secure coding practices. Conduct security assessments of applications, APIs, and cloud infrastructure. Guide developers on secure authentication, authorization, cryptography, and data protection. Champion security best practices while maintaining developer velocity and trust.
- Implement Security Tooling & Automation: Deploy and manage application security tools including SAST, DAST, SCA, and container scanning. Build automation for security testing in CI/CD pipelines. Implement and improve secrets management solutions. Create dashboards and metrics to track security posture.
- Drive Security Initiatives: Lead application vulnerability management programs including triage, prioritization, and driving remediation. Support security compliance efforts (SOC 2, ISO 27001, or similar frameworks). Contribute to incident response and security event investigation. Develop security training and documentation for engineering teams.
- Collaborate Across Teams: Partner with infrastructure and DevOps teams on cloud security controls. Perform risk assessments for new features, technologies, and third-party integrations. Participate in architecture reviews and provide security guidance.
Requirements
- Bachelor’s degree in Computer Science, Software Engineering, Information Security, or a related technical field, or equivalent practical experience.
- Strong written and verbal communication skills in English.
- 5+ years of professional experience in information security, with a significant focus on application and cloud security.
- Professional software development experience, with hands-on responsibility for designing, building, and maintaining production systems in a language like Python, Go, Java, JavaScript, or similar.
- Strong understanding of application security principles: OWASP Top 10, secure authentication/authorization, encryption, API security.
- Experience with cloud platforms (AWS, GCP, or Azure) and cloud-native security.
- Hands-on experience with CI/CD systems and DevOps practices.
- Knowledge of container security and orchestration platforms (Docker, Kubernetes).
- Experience implementing security tools like SAST/DAST scanners, dependency checkers, or secrets detection.
- Experience with security tools such as Aikido, Snyk, Semgrep, Trivy, Wiz, HashiCorp Vault, or similar.
- Collaborative mindset—you build security solutions with engineers, not against them.
Benefits
- Employee accommodations for disabilities.
- Equal employment opportunities for all applicants.
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Report this job
Found something wrong with the page? Please let us know by submitting a report below.
Senior Analyst performing SOC 1 and SOC 2 examinations at Kraken. Leading compliance initiatives and enhancing IT controls in a remote environment.
Security Guard responsible for protecting people and property in Amherst, Nova Scotia. Conducting patrols and monitoring security systems to ensure safety.
Security Lead responsible for driving security function and strategy at Newton, a crypto trading platform. Ensuring CIRO and SOC 2 alignment while embedding security practices across all systems and applications.
Senior Cybersecurity Engineer at Vervent focused on security solution design and incident response. Join a growing team to implement and strengthen enterprise security operations.
IA
Conseiller juridique stratégique au sein des Services juridiques pour la protection des renseignements personnels au Canada. Fournissant des conseils stratégiques en matière de cybersécurité et réglementaire.
Manager, Information Security at Manulife will assess vendor IT risks and security controls. Conducting audits, guiding businesses in IT risk management under a hybrid working model.
Key role in operational security management of IT infrastructures at Xideral. Involves risk management, security architecture, and coordination with various stakeholders.
Responsable de la sécurité industrielle chez L3Harris Technologies, soutenant la sécurité des installations et la protection de la propriété intellectuelle. Interagir avec des clients internes et externes pour les tâches de sécurité tout en exécutant les fonctions de sécurité.
Industrial Security Lead managing facility security functions at L3Harris Technologies to support compliance with security policies. Engaging with internal and external security officials and overseeing security operations.